WebApp Sec mailing list archives
RE: Extended ASCII characters used for injection
From: "Onken, Skyler" <onk08001 () byui edu>
Date: Tue, 19 Oct 2010 13:56:23 +0000
Im not aware of any injection attacks directly. In the past I have been able to force information disclosure via 500 error pages (file structure, other applications used, etc) by submitting sequences of characters like those you showed. Skyler Onken CEH, ECSA, Security+ http://securityreliks.securegossip.com ________________________________________ From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of Nibbler [enibbler () gmail com] Sent: Tuesday, October 19, 2010 7:06 AM To: webappsec () securityfocus com Subject: Extended ASCII characters used for injection Hi list, I have a web app and I want to block special characters in URL on the web server. Do you know if there is a risk of injection (XSS...) with extended ASCII char (%7f-%ff)? Is there any reason to block these characters? Thanks Regards, Nib This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus -------------------------------------- This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Extended ASCII characters used for injection Nibbler (Oct 19)
- Re: Extended ASCII characters used for injection Mostafa Siraj (Oct 19)
- RE: Extended ASCII characters used for injection Onken, Skyler (Oct 19)
- Re: Extended ASCII characters used for injection Simon XanthiX (Oct 19)
- Re: Extended ASCII characters used for injection john s (Oct 19)
- RE: Extended ASCII characters used for injection Chris Weber (Oct 20)
- Re: Extended ASCII characters used for injection Jeff Williams (Oct 20)
- RE: Extended ASCII characters used for injection Linden Darling (Oct 20)
- RE: Extended ASCII characters used for injection Richard M. Smith (Oct 25)
- Re: Extended ASCII characters used for injection john s (Oct 25)
- RE: Extended ASCII characters used for injection Chris Weber (Oct 25)
- Re: Extended ASCII characters used for injection john s (Oct 25)
- Re: Extended ASCII characters used for injection Jeff Williams (Oct 20)